
Thread: Auto updates and Kaspersky disabled

  1. #1 - Junior Member (Join Date: Mar 2009, Posts: 3)

    Auto updates and Kaspersky disabled

    This machine had a lot of gunk on it. I ran Malwarebytes and AVG several times each and think I got most of it off. However I am unable to enable the automatic update service - I get permission denied. Also a new install of Kaspersky does not work and just says "Protection is not enabled". Thanks in advance to anyone taking the time to read this.

    Michael

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:34:30 PM, on 3/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: IEVkbdBHO - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [yowibivofi] Rundll32.exe "C:\WINDOWS\system32\yopunako.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [yowibivofi] Rundll32.exe "C:\WINDOWS\system32\yopunako.dll",s (User 'NETWORK SERVICE')
    O4 - Global Startup: AutorunsDisabled
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165358018640
    O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Access Connection Manager RasManSchedule (RasManSchedule) - Unknown owner - C:\WINDOWS\system32\1033a.exe (file missing)
    O23 - Service: Routing and Remote Access RemoteAccessNtLmSsp (remoteaccessntlmssp) - Unknown owner - C:\WINDOWS\system32\3com_dmik.exe (file missing)
    O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe (file missing)

    --
    End of file - 4673 bytes
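    A small triage script for the HijackThis entries in this post, added here as an example (it is not from the thread, from Trend Micro or from any of the tools named). It flags the three patterns a helper would look at first in this log: Run values under the LOCAL SERVICE / NETWORK SERVICE hives, rundll32 loading a DLL at logon, and O23 services whose binary is missing or whose path is not a file. The sample lines are copied from the log above; the heuristics and the `Finding` type are my own assumptions, not HijackThis's.

```python
import re
from dataclasses import dataclass, field

# Built-in service-account SIDs. A Run value under HKU\<SID> for one of these
# executes whenever that account logs on, which ordinary software never needs.
SERVICE_ACCOUNT_SIDS = {"S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}

O4_RE = re.compile(
    r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]*)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")


@dataclass
class Finding:
    name: str                  # Run-value label or service short name
    line: str                  # the original log line
    reasons: list = field(default_factory=list)


# Constructed sample: lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [yowibivofi] Rundll32.exe "C:\WINDOWS\system32\yopunako.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yowibivofi] Rundll32.exe "C:\WINDOWS\system32\yopunako.dll",s (User 'NETWORK SERVICE')
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Access Connection Manager RasManSchedule (RasManSchedule) - Unknown owner - C:\WINDOWS\system32\1033a.exe (file missing)
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe (file missing)
"""


def triage(log_text):
    """Return a Finding for every O4/O23 line that matches a suspicious pattern."""
    findings = []
    for line in (ln.strip() for ln in log_text.splitlines() if ln.strip()):
        reasons = []
        name = None
        m = O4_RE.match(line)
        if m:
            name = m.group("name")
            for sid, account in SERVICE_ACCOUNT_SIDS.items():
                if sid in m.group("key"):
                    reasons.append(f"Run value under the {account} hive ({sid})")
            if re.match(r"(?i)rundll32(\.exe)?\s", m.group("cmd")):
                reasons.append("rundll32 loading a DLL at logon")
        m = O23_RE.match(line)
        if m:
            name = m.group("short") or m.group("display")
            path = m.group("path")
            if m.group("missing"):
                reasons.append("service binary missing on disk")
            if path.lower() == r"c:\program.exe":
                # An unquoted ImagePath under "C:\Program Files\..." resolves to C:\Program.exe
                reasons.append("unquoted ImagePath truncated at the space in 'Program Files'")
            elif not re.search(r"\.(exe|sys|dll)$", path, re.I):
                reasons.append("ImagePath has no executable name; check the registry value")
        if reasons:
            findings.append(Finding(name, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {'; '.join(f.reasons)}")
        print(f"    {f.line}")
```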

  2. #2 - Junior Member (Join Date: Mar 2009, Posts: 3)

    Combofix report

    ComboFix 09-03-15.01 - admin 2009-03-17 13:23:51.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.1089 [GMT -7:00]
    Running from: l:\win_utils\C-o-m-b-o-Fix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
    .

    2009-03-17 13:01 . 2009-03-17 13:01 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-03-17 12:58 . 2009-03-17 12:58 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-03-17 12:57 . 2009-03-17 12:59 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-03-17 12:57 . 2009-03-17 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-17 12:57 . 2009-03-17 12:57 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-03-17 12:57 . 2009-03-17 12:57 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
    2009-03-17 06:56 . 2009-03-17 06:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
    2009-03-17 06:55 . 2009-03-17 06:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
    2009-03-17 06:55 . 2009-03-17 06:55 <DIR> d-------- c:\documents and settings\admin\Application Data\Simply Super Software
    2009-03-17 06:55 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
    2009-03-17 06:55 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
    2009-03-17 06:55 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
    2009-03-17 06:55 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
    2009-03-17 06:55 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
    2009-03-17 06:36 . 2009-03-17 06:36 <DIR> d-------- c:\program files\Process Master
    2009-03-17 01:14 . 2009-03-17 01:14 <DIR> d-------- c:\program files\AVG
    2009-03-16 22:31 . 2009-03-16 22:31 <DIR> d-------- c:\documents and settings\admin\Application Data\Malwarebytes
    2009-03-16 22:17 . 2004-08-10 08:30 <DIR> d-------- c:\documents and settings\admin\WINDOWS
    2009-03-16 22:17 . 2004-08-11 06:55 <DIR> d-------- c:\documents and settings\admin\Application Data\Symantec
    2009-03-16 22:17 . 2004-08-10 09:16 <DIR> d-------- c:\documents and settings\admin\Application Data\SampleView
    2009-03-16 22:17 . 2004-08-10 08:28 <DIR> d-------- c:\documents and settings\admin\Application Data\Apple Computer
    2009-03-16 22:17 . 2009-03-16 22:17 <DIR> d-------- c:\documents and settings\admin
    2009-03-16 14:28 . 2009-03-16 14:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-16 12:57 . 2009-03-16 12:57 <DIR> d----c--- c:\windows\system32\DRVSTORE
    2009-03-16 12:57 . 2005-11-17 15:46 337,320 --a------ c:\windows\system32\difxapi.dll
    2009-03-15 11:16 . 2009-03-15 11:17 <DIR> d-a------ C:\_$$$KAV_ROOT
    2009-03-13 22:36 . 2004-08-10 08:30 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
    2009-03-13 22:36 . 2004-08-11 06:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
    2009-03-13 22:36 . 2004-08-10 09:16 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SampleView
    2009-03-13 22:36 . 2004-08-10 08:28 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
    2009-03-13 22:36 . 2009-03-17 12:58 <DIR> d-------- c:\documents and settings\Administrator
    2009-03-13 22:09 . 2009-03-13 22:09 16,244 --a------ c:\windows\system32\rrt_is.wav
    2009-03-13 22:09 . 2009-03-13 22:09 7,302 --a------ c:\windows\system32\rrt_vf.wav
    2009-03-13 22:09 . 2009-03-13 22:09 7,148 --a------ c:\windows\system32\rrt_tv.wav
    2009-03-13 22:09 . 2009-03-13 22:09 6,282 --a------ c:\windows\system32\rrt_tn.wav
    2009-03-13 13:40 . 2009-03-13 13:40 179,712 --a------ c:\windows\system32\findstr.dll
    2009-03-13 05:46 . 2009-03-13 05:46 23,172 --------- C:\2009-03-13_Kaspersky_Marilyn.htm
    2009-03-12 16:16 . 2009-03-12 16:16 179,712 --a------ c:\windows\system32\MAPISRVR.dll
    2009-03-12 15:47 . 2009-03-12 15:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-03-12 13:33 . 2009-03-12 13:35 1,808,081 --ahs---- c:\windows\system32\ojamowil.tmp
    2009-03-12 13:32 . 2009-03-12 13:32 1,136,132 --a--c--- c:\windows\system32\dllcache\explorer.exe
    2009-03-12 13:32 . 2009-03-12 13:32 179,712 --a------ c:\windows\system32\frmwrk32.dll
    2009-03-12 13:32 . 2009-03-16 13:02 172 --a-s---- c:\windows\system32\1767563480.dat
    2009-03-12 13:32 . 2009-03-12 13:32 67 --a------ C:\1.bat
    2009-03-12 13:32 . 2009-03-12 13:33 2 --a------ C:\1143837551
    2009-03-12 08:29 . 2009-03-12 08:31 43,056,600 --------- C:\kis8.0.0.506en.exe
    2009-03-11 11:07 . 2009-03-11 11:07 <DIR> d-------- C:\ProgramData
    2009-03-11 11:07 . 2009-03-11 11:07 <DIR> d-------- c:\program files\Angle Interactive
    2009-03-05 11:05 . 2009-03-05 11:05 2,713 ---hs---- c:\windows\system32\fogokili.dll
    2009-03-05 11:04 . 2009-03-05 11:04 2,713 ---hs---- c:\windows\system32\nuwisisa.dll
    2009-03-05 11:04 . 2009-03-05 11:04 2,713 ---hs---- c:\windows\system32\kizekase.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-16 13:31 1,033,728 ----a-w c:\windows\explorer.exe
    2009-03-14 02:06 --------- d-----w c:\program files\Microsoft Works
    2009-03-14 02:02 --------- d-----w c:\program files\Lavasoft
    2009-03-12 20:32 100,864 --sha-w c:\windows\system32\hifejavi.dll
    2009-03-12 01:47 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
    .

    ------- Sigcheck -------

    2005-05-25 12:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2008-06-20 03:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    2008-06-20 04:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2008-06-20 03:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
    2004-08-03 14:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB893066$\tcpip.sys
    2005-05-25 12:04 359808 88763a98a4c26c409741b4aa162720c9 c:\windows\$NtUninstallKB913446$\tcpip.sys
    2006-01-12 19:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
    2007-10-30 10:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
    2008-04-13 12:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
    2008-06-20 04:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
    2008-06-20 04:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-24 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-10 180269]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-17 1932568]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-03-17 12:58 10520 c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
    backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2009-01-28 17:37 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    --a------ 2005-01-12 14:54 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-02-17 00:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a--c--- 2004-02-25 23:17 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    --a--c--- 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 17:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ncoOSCheck]
    --a--c--- 2006-11-27 21:40 120488 c:\program files\Norton Confidential\osCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-04-24 09:43 155648 c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a--c--- 2004-04-14 20:43 233472 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a--c--- 2004-08-10 07:09 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a--c--- 2004-08-10 08:04 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    --a--c--- 2004-03-18 10:33 892928 c:\program files\Logitech\iTouch\iTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    --a--c--- 2005-03-04 12:01 88209 c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    --a------ 2004-09-07 14:47 57344 c:\windows\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    --a------ 2004-10-22 11:53 53248 c:\windows\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-17 325640]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-17 107912]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-17 298264]
    S1 87ba2eda;87ba2eda;c:\windows\system32\drivers\87ba2eda.sys --> c:\windows\system32\drivers\87ba2eda.sys [?]
    S2 CWMonitor;Symantec Crimeware Protection Driver;\??\c:\program files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys --> c:\program files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [?]
    S2 tdctxte;tdctxte Service;c:\windows\system32\tdctxte.exe --> c:\windows\system32\tdctxte.exe [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    eq2soft
    .
    .
    ------- Supplementary Scan -------
    .
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\1awnqfox.default\
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-17 13:24:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-03-17 13:26:08
    ComboFix-quarantined-files.txt 2009-03-17 20:25:59
    ComboFix2.txt 2009-03-17 20:18:25
    ComboFix3.txt 2008-10-04 00:54:35

    Pre-Run: 140,707,246,080 bytes free
    Post-Run: 140,694,175,744 bytes free

    204 --- E O F --- 2009-02-26 05:19:26

  3. #3 - Junior Member (Join Date: Mar 2009, Posts: 3)

    services

    Ok, turns out I could disable the two bogus services w/o getting access denied, so I disabled the tdctxte.exe and CLTNetCnService services.

    I sure wish I could figure out how to give myself permissions to enable the automatic updates services. I purchased Sergiwa's RRT as it showed the auto updates in red as something it could fix, however it didn't fix anything.

    Here's my new HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:31:09 AM, on 3/18/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: AutorunsDisabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165358018640
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 3933 bytes
